Andrea Danti - Fotolia

Cisco adds malware security features in Tetration analytics

Cisco has turned Tetration analytics toward app security. The latest upgrade helps spot software flaws and identify malware activity, such as Spectre and Meltdown exploits.

Cisco has upgraded the security in its Tetration analytics system to spot software vulnerabilities, identify abnormal activity and stop unauthorized communications between applications. The latest features apply to applications running in the data center and the cloud.

Cisco said the latest security features, introduced this week, equip Tetration to battle recent security threats, such as the Spectre and Meltdown CPU vulnerabilities. Hackers have developed dozens of different types of malware to exploit the flaws, but so far, there are no reports of stolen corporate data.

Security enhancements in Tetration include using the Common Vulnerabilities and Exposures (CVE) catalog of threats sponsored by the U.S. Department of Homeland Security. Tetration uses the CVE catalog to identify potentially vulnerable applications and rank the seriousness of the threat.

Security operators can choose their response to threats by setting up policies that dictate taking specific actions, such as quarantining software. Managers set the policies for cloud and data center applications through Tetration's user interface or APIs.

Tetration also helps IT managers find malicious application processes by building an inventory of those that are running or have run. Details kept on each process include its parameters, who is using it and for how long.

Finally, Cisco has added technology to Tetration that creates an application behavior baseline, which establishes what constitutes regular activity. Tetration flags deviations to managers as possible malware attacks. Examples of abnormal behavior would include privilege escalation, shellcode execution or side-channel attacks.

"These are typical techniques that malware uses," said Yogesh Kaushik, senior director of Tetration. "What Tetration is now doing is tracking all of those things and detecting those events."

Tetration analytics gets access to more data

With the latest security features, Cisco has opened up more data sources to Tetration. New data-gathering features include support for containers, a virtualization method for running cloud applications, and support for vCenter Server, VMware's centralized management tool for virtualized data centers. Load balancers running on Amazon Web Services are also a new source of data.

Tetration extracts data through sensors installed on application servers, bare-metal servers, virtual machines and, with the latest release, containers. Tetration uses software agents installed on the various platforms to enforce policies for applications running in the data center and in public and private clouds.

As an analytics engine, Tetration is unusual because it can store and analyze log and telemetry data related to application workloads and network traffic, said Dan Conde, an analyst at Enterprise Strategy Group, based in Milford, Mass. Most products focus either on applications or the network.

"Even though it's from Cisco, primarily a network company, this product does show that they can cross the aisle to look at things holistically," he said.

Dig Deeper on Network security